Solved

Disallow RDP access to certain accounts which are part of Domain Admins

Posted on 2013-11-10
4
381 Views
Last Modified: 2014-02-26
Hi,

We have several 100 servers and we have few accounts used as a service account on these servers.  It is a requirement by the application for these service accounts to be member of Domain Admins Group.

I would like to prevent some of the service accounts RDP access on all our servers.  What is the quickest way of accomplishing this?  Can I do something on the user level like Deny RDP Access etc.??

Help please.
0
Comment
Question by:fais79
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39638096
You can do this via GPO. Remember that this change can be reverted back with this account as it is a domain admin account.

Not recommend but can be done via GPO.

Deny RDP access - http://technet.microsoft.com/en-us/library/cc737453(WS.10).aspx

Will.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39638102
0
 
LVL 55

Expert Comment

by:McKnife
ID: 39638620
Before we leave it unquestioned... :)
Why would you need to have those accounts setup as domain admins? Normally, you would use service accounts and assign/delegate just some privileges to them and not the whole lot.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 39877784
Please respond or finalize it, this question is growing old :)
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question